International Journal of Network Security & Its Applications (IJNSA), Vol.5, No.5, September 2013
FAST DETECTION OF DDOS ATTACKS USING NON-ADAPTIVE GROUP TESTING

Huynh Nguyen Chinh1, Tan Hanh2, and Nguyen Dinh Thuc3

1 Faculty of Information Technology, University of Technical Education Ho Chi Minh City (UTE-HCMC), HCMC, Vietnam
2 Faculty of Information Technology, Posts and Telecommunications Institute of Technology (PTIT), HCMC, Vietnam
3 Faculty of Information Technology, University of Science (UoS), HCMC-VNU, Vietnam

ABSTRACT
Network security has become increasingly important to personal users and organizations. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are a serious problem in networks. The major challenges in designing an efficient algorithm for data streams are one pass over the input, poly-log space, poly-log update time and poly-log reporting time. In this paper, we use strongly explicit constructions of d-disjunct matrices in Non-adaptive group testing (NAGT) to meet these requirements and propose a solution for fast detection of DoS and DDoS attacks based on the NAGT approach.

KEYWORDS
Denial-of-service attack, distributed denial-of-service attack, Group testing, Non-Adaptive Group testing, d-disjunct matrix.

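The following Python sketch is an added illustration, not code from the paper: it shows how a d-disjunct matrix lets a router find heavily targeted destination addresses in one pass, keeping only one counter per test. The Reed-Solomon code concatenated with the identity code (Kautz-Singleton construction), the toy parameters q = 31 and k = 3, the positivity threshold m/(d+1), the 10.0.0.0 address block and the packet stream are all assumptions made for this example.

```python
import ipaddress

Q, K = 31, 3                    # prime field size and RS dimension (assumed toy parameters)
D = (Q - 1) // (K - 1)          # two columns share <= K-1 rows, so the matrix is D-disjunct
N = Q ** K                      # number of columns = hosts the sketch can name
BASE = int(ipaddress.ip_address("10.0.0.0"))   # constructed address block

def column(j):
    """Yield the rows of the (Q*Q) x N matrix that hold a 1 in column j."""
    c = [(j // Q ** i) % Q for i in range(K)]  # message = base-Q digits of j
    for x in range(Q):
        # Reed-Solomon symbol f_j(x); identity code maps symbol s at position x to row x*Q + s
        yield x * Q + sum(ci * pow(x, i, Q) for i, ci in enumerate(c)) % Q

class HotIPSketch:
    def __init__(self):
        self.counters = [0] * (Q * Q)   # one counter per test (matrix row)
        self.m = 0                      # packets seen so far

    def update(self, dst_ip):
        """One-pass update: bump the Q counters of the tests that contain dst_ip."""
        j = int(ipaddress.ip_address(dst_ip)) - BASE
        if not 0 <= j < N:
            raise ValueError("address outside the sketched block")
        for r in column(j):
            self.counters[r] += 1
        self.m += 1

    def hot_ips(self):
        """Naive decoding: report a host only if every test containing it is positive."""
        thr = self.m / (D + 1)          # assumed rule: a test is positive above m/(d+1)
        positive = [c > thr for c in self.counters]
        return [str(ipaddress.ip_address(BASE + j))
                for j in range(N) if all(positive[r] for r in column(j))]

def demo():
    s = HotIPSketch()
    for j in range(2000):               # constructed background: one packet per host
        s.update(str(ipaddress.ip_address(BASE + j)))
    for _ in range(1500):               # constructed flood towards two destinations
        s.update("10.0.48.57")
        s.update("10.0.3.9")
    return s.hot_ips()

if __name__ == "__main__":
    print(demo())
```

The sketch keeps 961 counters for 29,791 possible hosts; a host whose traffic exceeds the threshold can never be missed, while false positives are possible when background traffic alone pushes all of a host's tests over the threshold.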
1. INTRODUCTION

1.1 Denial-of-Service attacks

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks have become a serious problem in networks. In these attacks, attackers send a very large number of packets to victims in a very short amount of time, aiming to make a service unavailable to legitimate clients. They are easy for attackers to launch but difficult for target users to defend against [3]. Network-level detection and mitigation are necessary to counter such malicious attacks. Internet service providers (ISPs) can help customers defend against bandwidth attacks by deploying appropriate filtering rules at routers, or alternatively by using routing mechanisms to filter and drop malicious packets.

Routers receive and process a large number of packets in the network. Every packet has a destination IP address. If many packets passing through a router have the same destination IP address, this may indicate a DoS attack. Our solution aims to provide early warning and tracking of DoS or DDoS attacks by collecting IP packets and finding Hot-IPs (hosts that appear with high frequency in the network, also called hot

DOI : 10.5121/ijnsa.2013.5505